Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2017-1530 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-26 | CVE-2017-1425 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0 IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-26 | CVE-2015-7391 | Cross-site Scripting vulnerability in Testlink Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php. | 6.1 |
| 2017-09-26 | CVE-2017-14744 | Cross-site Scripting vulnerability in Baidu Ueditor UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | 6.1 |
| 2017-09-25 | CVE-2017-14735 | Cross-site Scripting vulnerability in Antisamy Project Antisamy OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | 6.1 |
| 2017-09-25 | CVE-2015-8375 | Cross-site Scripting vulnerability in PHP-Fusion 9.00 Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | 5.4 |
| 2017-09-25 | CVE-2015-5181 | Cross-site Scripting vulnerability in Redhat Jboss A-Mq The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 5.4 |
| 2017-09-25 | CVE-2015-5169 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 6.1 |
| 2017-09-25 | CVE-2015-7316 | Cross-site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | 6.1 |
| 2017-09-25 | CVE-2015-6748 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | 6.1 |